Facebook Fails Stanford's Privacy Test, Twitter And iPhone Pass

When Facebook changed its privacy settings last December, founder Mark Zuckerberg declared that privacy was no longer a "social norm." Stanford project WhatApp.org begs to differ.

The new site, which was co-created by Stanford University Law fellow Ryan Calo last year and went into beta in March, has rated Facebook's privacy significantly lower than that of other platforms like Twitter and the iPhone.

"I think people are upset because when you download an app, you don't have any control over what the app developer sees on your profile," says Calo. "There's the perception among users that they don't need to give away so much information to have the apps do the same thing as they are currently doing."

WhatApp is a site that rates the privacy, security and openness of web and mobile applications as well as the various platforms they run on. Calo bills it as a Consumer Reports mixed with Yelp and Wikipedia. Experts -- lawyers, security gurus and computer scientists -- can join the website after being vetted by Calo's team to rate apps and write in-depth reviews. Everyone else can sign up to write comments, or suggest apps for review.

On the site, Facebook received 2 points out of 5 (5 being the best score) in all three categories of privacy, security and openness. The scores are aggregated from the experts who reviewed the app or platform, but you currently can't see how many experts took part in the scoring. Calo says this is a feature he is considering adding. A written "expert review" by Calo himself on Facebook also accompanies its scores on WhatApp. Calo dings the social networking site for not allowing the user to customize what information app developers can see on their profile when they download an app.

One Facebook app, called "Lover of the Day" was even put in WhatApp's "Penalty Box" for its low scores. The reviewer warns readers to be wary, saying that the "privacy policy is a joke" and that the "app wants to run independently of the user, and it wants to collect your email address"

Meanwhile, both Twitter and the iPhone received 3 points each for privacy and security, and 2 points each for openness -- a bit better, but far from perfect. Cyrus Nemati, an expert reviewer listed as a web producer for the Center For Democracy & Technology, wrote about the lack of "granular controls" over the user's privacy settings on the iPhone.

But Calo didn't create the site just to point out privacy violations. WhatApp is also meant to be a hub for privacy discussions, and to help consumers guard against scams, identity theft, phishing and other security problems.

"We didn't see much discussion on privacy, security, openness out there," says Calo. "So we perceived the need for a place where consumers could go to talk to those issues."

Calo says he also wants to encourage developers to build apps not only for functionality and fun, but with privacy in mind. Developers can use the site to "brag" about their apps' privacy if they've achieved a high rating.

To rate apps on WhatApp, experts answer a few questions like "How much information does this application gather relative to what you think it needs to provide the functionality it promises?" or "To what extent does this application take steps to protect user data or identity, for example, through encryption?"

Calo recognizes that without direct access to an app's back-end, it can be hard to determine privacy settings, even for an expert. But he says that experts and others can sometimes glean privacy information from testing or using an app, and that the site provides a centralized forum for those discussions. There's also the added value of having lawyers review long and cryptic user agreements, which users will often click right through.

The site currently has about 26 experts signed up and some 250 apps listed, a number of them already reviewed. Calo received a grant from the Rose Foundation to start WhatApp last year.